dll issue after trojan removal

AVG has detected and quarantined a trojan on this path - 'Trojan horse Agent2.AMFY on file pathname C:\WINDOWS\oxoyumogav.dll'

Although there does not appear to be a Trojan on my PC and all is functioning fine, except every time I start the PC I get the following error:

error loading C:\WINDOWS\oxoyumogav.dll
    The specified module could not be found.

Once I click OK I can use the PC with no further issues. I am running WinXP Home. I have opened the quarantine window in AVG and deleted it as well, believing this might remove the error.

Any ideas?
comautokAsked:
AnilKumarSharmaCommented:
The virus and/or infections are not fully cleaned. It may have, say, set up the Run key in the registry to run this dll, and that entry was expected to be removed but wasn't. There are several places where the launch of this dll can be set up. It is worse if some legitimate dll has been compromised to set up the run of this dll.
But first start with the simple methods and see if they work.

Look in the registry, especially in the Run, RunAs and RunOnce keys, to see whether it is set up to run this dll; if so, remove it.
You can also use msconfig to see if it is set up under the Startup tab and other tabs.
Also check whether your Startup folder contains some batch file or anything suspicious that needs to be removed.

Check whether you get the same message in safe mode too; if so, there is a high chance that some legitimate dll is compromised, although I feel there is less chance of that. If not, then some redundant entry is expected that just needs to be removed. There are also tools that list startup items such as exe, dll, com and bat files from all of these places, like "HijackThis" and so on.

0
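The check described in this thread, finding autostart values that still point at the deleted DLL, as an added example (not code from any poster). It parses the text that `reg query` prints for a Run key; the sample output and its value names are constructed, and only the DLL path is the one from the question.

```python
import os
import re

# Constructed sample of `reg query` output for one Run key; the value names and
# the AVG/SoundMan entries are made up, only the DLL path comes from the thread.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    AVG8_TRAY    REG_SZ    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    example value    REG_SZ    Rundll32.exe "C:\WINDOWS\oxoyumogav.dll",a
    SoundMan    REG_SZ    SOUNDMAN.EXE
"""

# "    <name>    REG_xx    <data>"; value names may contain spaces.
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$")
# Absolute path to a loadable file, quoted or not, with or without arguments.
ABS_PATH = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:dll|exe|bat|com)\b', re.IGNORECASE)


def parse_reg_query(text):
    """Return (key, value_name, data) tuples from `reg query` text output."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            entries.append((key, m.group(1), m.group(3).strip()))
    return entries


def orphaned_entries(text, exists=os.path.exists):
    """List autostart values whose absolute target file is missing on disk.

    Bare names such as SOUNDMAN.EXE are resolved by Windows via the search
    path, so they are skipped here rather than guessed at.
    """
    hits = []
    for key, name, data in parse_reg_query(text):
        for path in ABS_PATH.findall(data):
            if not exists(path):
                hits.append((key, name, path))
    return hits


if __name__ == "__main__":
    for key, name, path in orphaned_entries(SAMPLE_REG_QUERY):
        print(f"{key}\\{name} -> missing {path}")
```

Run it on the affected PC itself so the default file-existence check sees that machine's disk; a value reported here is a leftover launch entry, not proof that the infection is gone.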
mkeiwuaCommented:
Hi comautok,

Go to Start> Run and type msconfig.

You should see the System Configuration Utility. Click on the Startup tab and locate under the command column "C:\WINDOWS\oxoyumogav.dll".

Uncheck the checkbox next to it and save changes, reboot the machine and the offending dll should be out.

B Rgds,

Mkeiwua
0

kaskhedikar_tusharCommented:
Hello,

Download & install Spybot 1.6. Update that Spybot & scan your whole computer. Use a good & purchased antivirus.

http://download.cnet.com/1770-20_4-0.html?query=Spybot+Search+Destroy&searchtype=downloads

Regards,
Tushar Kaskhedikar
0
shankarmaniCommented:
hello

All DLLs in the Windows folder are needed for Windows XP to work well. You said it was removed by AVG. However, you should run a repair using the XP CD; it will automatically restore it. I think this is the best way for Windows XP to work well with all supported files.

0
awawadaCommented:
THIS WORKS!

run ms autoruns and delete this dll

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx 
0
JonveeCommented:
>error loading C:\WINDOWS\oxoyumogav.dll<

Looks like the infection is still there!  Combofix can probably remove it.
Download ComboFix and save to your Desktop >
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Before using ComboFix please disable any realtime Anti-virus, Anti-spyware, Shields, etc. that you may have running.
Also it may be necessary to rename ComboFix.exe (to Combo-Fix.exe for example), *before* saving it to your desktop.  If you have difficulties downloading it, try downloading to another machine, then into a USB memory stick or CD.  Rename it and carry to the infected machine, then try this key combination to reach a Run box>
Windows Logo+R: Run dialog box

Double click "combofix.exe" and follow the prompts.
When it's finished it will have produced a Logfile, probably at C:\ComboFix.txt.
You could post that log together with a HijackThis log, in a reply for us.
Please do not mouseclick Combofix's window while it is running, because it may stall.  
ComboFix should be run in normal mode.

Should you need it>   A guide and tutorial on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
0
awawadaCommented:
My explanation:
I have seen the same Trojan, and I think AVG has removed this malware but not the autostart entries. This virus creates DLLs with different names. Every time you start the computer, oxoyumogav.dll is trying to start, but the virus is not there.

To be sure that the Trojan is really deleted, also run ComboFix and Malwarebytes afterwards, as Jonvee said.
Later you can also run some Online Scanners:
http://www.itsecurity.com/features/free-online-antivirus-tools-101207/
0
pratiganCommented:
Norton 2010: run full updates and a full system scan to kill off the remaining pieces of the virus.
Then insert the XP CD and boot to CD, run repair and restore that DLL file using the repair facility off the CD.  HELP at the repair function prompt will give you a list of help commands.  There is a restore command.
0
comautokAuthor Commented:
Thanks all. The PC in question won't be available again until tomorrow, so I will get back about this then after trying these suggestions.
0
djaburgCommented:
You can use a utility called HiJackThis to remove the offending entry; a quick Google search will find it.  If AVG quarantined the file, then as stated above the entry to run the file still exists and simply needs to be removed.
0